Fail2ban and IP address blocking support (closes #164)

7 files changed, 31 insertions, 35 deletions

diff --git a/resources/config/common/server.toml b/resources/config/common/server.toml
index 273c82de..4de0ce0a 100644
--- a/resources/config/common/server.toml
+++ b/resources/config/common/server.toml
@@ -5,7 +5,13 @@
 [server]
 hostname = "%{HOST}%"
 max-connections = 8192
-#proxy-trusted-networks = ["127.0.0.0/8", "::1", "10.0.0.0/8"]
+
+#[server.proxy]
+#trusted-networks = {"127.0.0.0/8", "::1", "10.0.0.0/8"}
+
+[server.security]
+blocked-networks = {}
+fail2ban = "100/1d"
 
 [server.run-as]
 user = "stalwart-mail"
@@ -25,5 +31,3 @@ backlog = 1024
 [global]
 shared-map = {shard = 32, capacity = 10}
 #thread-pool = 8
-
-
diff --git a/resources/config/common/sieve.toml b/resources/config/common/sieve.toml
index 322c78f5..d41cee31 100644
--- a/resources/config/common/sieve.toml
+++ b/resources/config/common/sieve.toml
@@ -47,10 +47,6 @@ return-path = ""
 no-capability-check = true
 sign = ["rsa"]
 
-[sieve.trusted.default]
-directory = "%{DEFAULT_DIRECTORY}%"
-store = "%{DEFAULT_STORE}%"
-
 [sieve.trusted.limits]
 redirects = 3
 out-messages = 5
diff --git a/resources/config/common/store.toml b/resources/config/common/store.toml
new file mode 100644
index 00000000..6924769f
--- /dev/null
+++ b/resources/config/common/store.toml
@@ -0,0 +1,23 @@
+#############################################
+# Storage configuration
+#############################################
+
+[storage]
+data = "%{DEFAULT_STORE}%"
+fts = "%{DEFAULT_STORE}%"
+blob = "%{DEFAULT_STORE}%"
+lookup = "%{DEFAULT_STORE}%"
+directory = "%{DEFAULT_DIRECTORY}%"
+
+[storage.encryption]
+enable = true
+append = false
+
+[storage.spam]
+header = "X-Spam-Status: Yes"
+
+[storage.fts]
+default-language = "en"
+
+[storage.cluster]
+node-id = 1
diff --git a/resources/config/config.toml b/resources/config/config.toml
index b79c9f0c..a2b14cd5 100644
--- a/resources/config/config.toml
+++ b/resources/config/config.toml
@@ -12,6 +12,7 @@ default_store = "__STORE__"
 [include]
 files = [ "%{BASE_PATH}%/etc/common/server.toml",
           "%{BASE_PATH}%/etc/common/tls.toml",
+          "%{BASE_PATH}%/etc/common/store.toml",
           "%{BASE_PATH}%/etc/common/tracing.toml",
           "%{BASE_PATH}%/etc/common/sieve.toml",
           "%{BASE_PATH}%/etc/directory/imap.toml",
@@ -37,7 +38,6 @@ files = [ "%{BASE_PATH}%/etc/common/server.toml",
           "%{BASE_PATH}%/etc/jmap/protocol.toml",
           "%{BASE_PATH}%/etc/jmap/push.toml",
           "%{BASE_PATH}%/etc/jmap/ratelimit.toml",
-          "%{BASE_PATH}%/etc/jmap/store.toml",
           "%{BASE_PATH}%/etc/jmap/websockets.toml",
           "%{BASE_PATH}%/etc/smtp/auth.toml",
           "%{BASE_PATH}%/etc/smtp/listener.toml",
diff --git a/resources/config/jmap/auth.toml b/resources/config/jmap/auth.toml
index 6640ea42..a222d5e6 100644
--- a/resources/config/jmap/auth.toml
+++ b/resources/config/jmap/auth.toml
@@ -2,9 +2,6 @@
 # JMAP authentication & session configuration
 #############################################
 
-[jmap]
-directory = "%{DEFAULT_DIRECTORY}%"
-
 [jmap.session.cache]
 ttl = "1h"
 size = 100
diff --git a/resources/config/jmap/store.toml b/resources/config/jmap/store.toml
deleted file mode 100644
index f639bccd..00000000
--- a/resources/config/jmap/store.toml
+++ /dev/null
@@ -1,21 +0,0 @@
-#############################################
-# JMAP server store configuration
-#############################################
-
-[jmap.store]
-data = "%{DEFAULT_STORE}%"
-fts = "__FTS_STORE__"
-blob = "__BLOB_STORE__"
-
-[jmap.encryption]
-enable = true
-append = false
-
-[jmap.spam]
-header = "X-Spam-Status: Yes"
-
-[jmap.fts]
-default-language = "en"
-
-[jmap.cluster]
-node-id = 1
diff --git a/resources/config/smtp/listener.toml b/resources/config/smtp/listener.toml
index c646c83b..fc4aa45d 100644
--- a/resources/config/smtp/listener.toml
+++ b/resources/config/smtp/listener.toml
@@ -19,6 +19,3 @@ tls.implicit = true
 [server.listener."management"]
 bind = ["127.0.0.1:8080"]
 protocol = "http"
-
-[management]
-directory = "%{DEFAULT_DIRECTORY}%"